WebUI Patch Policy Schedule Limitation

Our organization’s maintenance window is typically on the 3rd Thursday of the month, which gives us a week to test patches after Microsoft releases them on the 2nd Tuesday of the month. But this month, my team and I noticed that our patch policies were being deployed a week earlier than our anticipated maintenance window. After some investigating, I noticed that this month (Sept 2021) has 5 Thursdays in the month, which offset our reoccurring schedule in our Patch Policies. It resulted in my team having to go back into each of their patch policies and adjusting their schedule to patch on the 4th Thursday of the month to accommodate this offset. Then next month they’ll have to go back in and revert the schedule back to the 3rd Thursday to meet our maintenance window. Looking at the calendar year for 2021 and 2022, there are 4 months out of the year where this offset repeats. In the spirit of automation and setting and forgetting, this is a limitation to Patch Policy scheduling.

Is there currently a feature in the WebUI to accommodate for these odd months?

If not, can BigFix implement a more flexible scheduling option for Patch Policy in the WebUI?

I’ve worked with SAP BOE where you can create objects called Scheduling Calendars and set specific dates for the entire year and next to run a report. You can create and save multiple of these Scheduling Calendars and have your reports reference them as their schedule to run. Is it possible to develop something similar to this?

Example from SAP BOE Scheduling Calendar wizard:

If you want the whole schedule to be based off of Patch Tuesday, set the schedule to run “16 days after the first Tuesday of the month”. That will always be the Thursday of the week after Patch Tuesday.

1 Like

To the other question, yes you can set complex logic for Maintenance Windows, just not for the Patch Policy Schedule.

Use the console’s “Manage Maintenance Windows” Dashboard to set the windows however you like, and set the Patch Policy checkbox for “Run in maintenance window”.

Be sure to check the instructions in the Maintenance Window Wizard, you have to manually create a Global Property for “In Maintenance Window”. This is a one-time effort you can do by copying the relevance from the Maintenance Window Analysis.

Jason, I am trying to use the WebUI and maintenance windows and need to clarify something. My test results are that when I create an action manually and use “In Maintenance Window matches True” then it will succeed. But when the WebUI creates the action it uses “In Maintenance Window = True” and this never returns true for me.

I checked my properties and I have both of these activated globally:

I’m pretty positive I did not create the one in the Master Action site, but regardless it is there so shouldn’t that be satisfying the suggestion you have about manually creating it? I verified both properties are returning true.

Thanks,

[edit]
Also this confirms what you suggested, but it does not seem to be working for me.

It’s been a while since I visited this topic… @jgstew or @dexdexdex may be able to advise…
I can say for sure that it’s the “Global” property for “In Maintenance Window” that is used when we define a constraint.
@jgstew, @dexdexdex, any comment on the difference between “Matches True” and “= True” when used in an action constraint?

I got around this by creating an automatic group that targets the computers I want and checks maintenance window status at the same time. So now my patch policy only targets that group and no longer uses the “in maintenance window” checkbox.

2 Likes

I’m experiencing the exact same issue. The “In Maintenance Window” Global property and the copy I created both are = True, yet the action still says The constraint “In Maintenance Window = True” is not met. Is this a bug? Or did I miss a step?

…do you now have two Global Properties named “In Maintenance Windows”? I could envision that causing some issues.

If you view the property result in the Computer view, is it reporting “True”?

Only master operators can create Global Properties. Is the new property in the Master Action Site?

Yes, I now have 2 properties named “In Maintenance Window”. I created a custom copy of the original like described here: https://help.hcltechsw.com/bigfix/10.0/webui/WebUI/Users_Guide/t_create_patch_policy.html#task_z3h_p3s_d4b__ul_mzj_p4l_f4b

Yes, if I view the property of the original and the custom copy in the computer view, they both are reporting true.

Yes, I created it in the Master Action Site.

Can you export the action in the Console and post the XML here? I’m honestly not sure how the API would behave with two copies of the property in the Master Action Site.
You should probably remove one of them.

The original “In Maintenance Window” data property is in the BES Support Site and cannot be deleted. The custom copy I created is in the master action site. If I delete it then I can no longer use this capability with Patch Policies (I can no longer check the box “Run within the Maintenance Window”).

Looks like this is a bug: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097704

1 Like